Configuring Security

If you need to apply a security policy on the outgoing REST service call, you do so by assigning a policy to the system participant that identifies the service endpoint.

In order to invoke a REST service, the invocation task/event requires a process package system participant. On deployment, this participant will be associated with an HTTP shared resource instance in the target ActiveMatrix BPM runtime. This shared resource instance (and therefore a single system participant) signifies the base endpoint URL to be used to invoke the REST service.

Note: A REST Service only supports authentication policies of Basic Authentication or Custom Policy.

Procedure

  1. In Project Explorer, select the system participant that identifies the service endpoint defined on the REST service call.
  2. On the General tab of the Properties view, expand Shared Resource. The endpoint’s configuration details are displayed.
  3. In the Policy Type field, select the type of security policy required to invoke the service from the drop-down menu:
    • None
    • Basic Authentication enables you to require credentials, in the form of a username and password, to make a transaction.
    • Custom Policy, to apply a custom security policy to the outgoing REST request and, if required, to the incoming REST response.
      Note: You must use a Custom Policy if the REST response message returned by the service contains a security header. The Basic Authentication policy does not handle an incoming REST response that contains a security header.
  4. If you selected Basic Authentication, a Governance App. Name field is displayed. Enter the name of the identity provider application from which the BPM runtime will obtain the authentication information needed to contact the service.
  5. If you selected Custom, a Custom Policy Set field is displayed.
    1. Click Browse. The Select Policy Set dialog is displayed, listing all external policy sets that are available in the current workspace.
      Note: Generally, you should copy the custom policy set file into the process package folder of the BPM project where the REST service is configured.
      Note: The external policy set file that defines the policy to be used must be available in the same workspace. (It does not have to be in the same project.)

      If the required policy set file is not already available, click Cancel, import the file to a project in the workspace and try again. See Custom Policy Set.

    2. Select the policy set that the BPM runtime will apply to the outgoing REST request (and, if appropriate, to the incoming REST response).
    3. Click OK.